Unlike cybersecurity degree programs at other universities, IU's master's degree goes beyond primarily offering either technical or policy expertise. The degree -- being delivered in a hybrid online format -- draws on faculty from IU's Kelley School of Business, Maurer School of Law and School of Informatics and Computing. It will offer practical approaches to addressing policy, legal and ethical cybersecurity questions increasingly faced by leaders across a range of fields.

"If you speak with policymakers and technical specialists about cybersecurity, they often speak about similar problems but use totally different languages," said Scott Shackelford, associate professor of business law and ethics at IU's Kelley School of Business and director of the Ostrom Workshop Program on Cybersecurity and Internet Governance.

"Until we start to bring them together, under the umbrella of risk management, that confusion will be another challenge adding to an already daunting problem," said Shackelford, faculty chair for the degree program. "This new degree is designed to help both aspiring and current business, information technology and legal professionals to jumpstart a broader, more informed conversation about the role of cybersecurity in organizational decision-making."

As evidenced by recent national headlines, cybersecurity increasingly needs to be addressed at every level in both private and public-sector organizations. Top executives have stepped down in the wake of cyberattacks, which also have impacted presidential political campaigns.

"There is a critical need to develop and deploy cybersecurity best practices to better manage the multifaceted cyber threat," said Steven Myers, IU associate professor of computer science and informatics. "IU is well situated to meet this need by offering cutting-edge cybersecurity training to graduates."

IU has been a leader in cybersecurity research and education for more than two decades, and is recognized by the federal government as a National Center of Academic Excellence in both Information Assurance Education and Research. Since 2003, faculty affiliated with the Center for Applied Cybersecurity Research have conducted applied research supported by the National Science Foundation, the departments of homeland security and energy, the U.S. Army and industry.

A new unit in IU Bloomington’s School of Informatics and Computing, the Center for Security Informatics, studies and supports the design evaluation and implementation of technologies that enable control over information.

Fred Cate, IU vice president for research and a Distinguished Professor at the Maurer School of Law, said the new degree “is designed to respond to the frequent demand we hear from employers for graduates with broad, practical training in cybersecurity.”

IU also has been a pioneer in online education for nearly 20 years, and among its leading exemplars is the Kelley School. In 1999, its Kelley Direct program became the first online MBA offered by a top-ranked business school. With this and other initiatives, the Maurer School of Law and the School of Informatics and Computing similarly provide greater access for students.

In-residence weeks in Washington, D.C., and at IU Bloomington are being planned for the new degree, which will facilitate interaction and collaboration among students and with faculty. Top cybersecurity professionals from major companies and federal agencies will speak with students as part of those activities.

Another unique aspect to IU's Master of Science in cybersecurity risk management will be its immersive capstone consulting experience that helps students become more familiar with the National Institute for Standards and Technology Cybersecurity Framework, a baseline of cybersecurity best practices that are increasingly informing decision-making.

Working in partnership with the Indiana Office of Technology, students will advise local municipalities, school corporations and critical infrastructure providers across the Hoosier state through a collaborative investigation of their cybersecurity practices.

"This innovative, interprofessional degree helps to deepen the ties between IU and the state of Indiana by offering new opportunities for IU students to help enhance cybersecurity preparedness for underserved stakeholders across the state," said Tad Stahl, the state of Indiana's chief information security officer.

The 30-credit-hour program is designed both for recent graduates who have completed an undergraduate education as well as mid-career professionals. It can be completed over two years, although prior training and intensive coursework can shorten time spent in the program.

In addition to completing the M.S. degree in cybersecurity risk management, students will have the option of also earning up to two graduate cybersecurity certificates from the participating schools. These include a Graduate Certificate in Secure Computing from the School of Informatics and Computing, Graduate Certificates in Information Privacy Law as well as Cybersecurity Law and Policy from the Maurer School and Computing and a Certificate in Cybersecurity Management at the Kelley School.